User-Visible kadmin-remctl Changes
+kadmin-remctl 3.6 (unreleased)
+
+ Add a new per-instance configuration option to set the password
+ expiration time for newly-created principals. Be aware that this only
+ controls the initial expiration period. After the first password
+ change, further expiration periods are normally controlled by the KDC
+ configuration or policy.
+
kadmin-remctl 3.5 (2013-10-10)
Increase the timeout for initial authentication during a kpasswd
#
# Written by Russ Allbery <rra@stanford.edu>
# Based heavily on work by Roland Schemers
-# Copyright 2003, 2007, 2008, 2009, 2010, 2011, 2013
+# Copyright 2003, 2007, 2008, 2009, 2010, 2011, 2013, 2014
# The Board of Trustees of the Leland Stanford Junior University
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
if ($status ne 'enabled') {
$command .= ' -allow_tix';
}
+ if ($CONFIG{$instance}{expiration}) {
+ my $expiration = time + $CONFIG{$instance}{expiration};
+ $expiration = strftime ('%Y-%m-%d %T', localtime $expiration);
+ $command .= ' -pwexpire "$expiration"';
+ }
if (exists $CONFIG{$instance}{create_opts}) {
$command .= ' ' . $CONFIG{$instance}{create_opts};
}
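Review bot: The added line `$command .= ' -pwexpire "$expiration"';` uses a single-quoted Perl string, so `$expiration` is never interpolated and the literal text `$expiration` is appended to the command instead of the timestamp computed on the previous line. Build the argument with interpolation or concatenation, for example `$command .= qq{ -pwexpire "$expiration"};`. The hunk also calls `strftime`, which needs `use POSIX qw(strftime);`. That import is not visible in these lines, so please confirm it is present in this file.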
creating a new principal. These can be any valid flags to the C<addprinc>
command.
+=item expiration
+
+If set, the number of seconds into the future at which the password for a
+newly-created account should expire.
+
=item k5_admin
Principal to use for authentication of Kerberos v5 B<kadmin> operations.
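Review bot: The new `=item expiration` entry omits the caveat that the NEWS entry in this same change spells out: the setting only controls the initial expiration, and later expirations are normally governed by the KDC configuration or policy. Repeat that here, since this is the text an administrator reads when setting the option. It is also worth stating that leaving it unset (or setting it to 0, given the truthiness test in the code) means no expiration is applied at creation.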
=head1 COPYRIGHT AND LICENSE
-Copyright 2003, 2007, 2008, 2009, 2010, 2011, 2013 The Board of Trustees
-of the Leland Stanford Junior University
+Copyright 2003, 2007, 2008, 2009, 2010, 2011, 2013, 2014 The Board of
+Trustees of the Leland Stanford Junior University
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
# Written by Russ Allbery <rra@stanford.edu>
# Heimdal port written by Jon Robertson <jonrober@stanford.edu>
# Based heavily on work by Roland Schemers
-# Copyright 2003, 2007, 2008, 2009, 2010, 2011, 2013
+# Copyright 2003, 2007, 2008, 2009, 2010, 2011, 2013, 2014
# The Board of Trustees of the Leland Stanford Junior University
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
}
$princdata->setAttributes ($attrs);
+ # Set a password expiration if we were told to.
+ if ($CONFIG{$instance}{expiration}) {
+ my $expiration = time + $CONFIG{$instance}{expiration};
+ $princdata->setPwExpiration ($expiration);
+ }
+
if (!eval { $kadmin->createPrincipal ($princdata, $password, 0) }) {
my $error = $@ || "unknown error\n";
warn "error: cannot create $principal: $error";
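Review bot: The `if ($CONFIG{$instance}{expiration})` guard accepts any true value and adds it straight to `time`, so a configuration typo such as a negative number or a non-numeric string produces an expiration in the past or at the current moment instead of an error. Check that the value is a positive integer (for example `=~ /\A\d+\z/`) and warn on anything else before calling `setPwExpiration`. The same check belongs in the MIT code path so that both backends treat the option identically.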
Set to a true value if passwords for this instance should be subject to
password strength checking, false otherwise.
+=item expiration
+
+If set, the number of seconds into the future at which the password for a
+newly-created account should expire.
+
=item k5_admin
Principal to use for authentication of Kerberos B<kadmin> operations. If
=head1 COPYRIGHT AND LICENSE
-Copyright 2009, 2010, 2011, 2013 The Board of Trustees of the Leland
+Copyright 2009, 2010, 2011, 2013, 2014 The Board of Trustees of the Leland
Stanford Junior University
Permission is hereby granted, free of charge, to any person obtaining a